MIST 2090 Part A Final Review
What is a database management system (DBMS)?
The software application that lets you create and work with a database
decentralization
the people making the guesses should be able to draw on their private, local knowledge
What are the major components of a relational database model?
-Data is stored in one or more tables corresponding to entities
-entities are connected through relationships
-fields are often referred to as attributes and correspond to columns of the tables
-entities consist of one or more attributes
What are the problems arising from the non-hierarchical/messy crowd?
-It can be hard to find what you're looking for in an ocean of uncontrolled information
-some of its members behave in hurtful ways
What are the shortfalls of the conventional technical approach?
-Skilled hackers prefer social engineering attacks (it's easier to fool a human than a machine)
-biometric authentication and MFA prevent attacks from outsiders but not from insiders (which include negligence and malice)
What are the "best practices" for employees in regards to security?
-rotation of duties
-mandatory vacations
-dual control (two or more people perform the same action)
-strict procedure for employee termination
What are the "best practices" for data management in regards to security?
-unlink sensitive data from other data to minimize the damage if it is stolen
-systems with sensitive data should be "walled off" from other systems
-anonymize sensitive data
-encrypt data both in transit and in storage so that it is unreadable if it falls into the wrong hands
What are the different types of database relationships?
1:1 - when an instance of one entity can have a relationship with one and only one instance of the other entity
1:m - when an instance of the first entity can have a relationship with one or more instances of the second entity, but instances of the second entity can be related to only one instance of the first
m:m - when instances of each entity can be related to one or more instances of the other entity
What is a Database?
A database is an organized collection of data
What are the types of security controls?
Administrative controls, technical controls, and physical controls
Why are software updates important to security?
Allows for routine patching of newly discovered vulnerabilities
What is a primary key?
An attribute that can have a unique value for every instance (record) that you store in a table (social security number, student id number, etc.)
What are cryptocurrencies?
An internet-based medium of exchange which uses cryptographic functions to conduct financial transactions
What is the AIC triad?
Availability, integrity, confidentiality; the heart of information security and often forms the basis of security policies, rules of corporate governance, etc.
What are blockchains?
Blockchains prevent cryptocurrencies from operating like "free, perfect, instant" digital goods. The blockchain contains a ledger that records all the transactions, which prevents you from spending the same bitcoin more than once.
How to model a database, generally (use of Crow's foot notation)?
Crow's foot notation is used to signify which end of the relationship is the "many" end; it is used to distinguish between the different relationships (1:1, 1:m, m:m)
Integrity
Data integrity means maintaining and assuring the accuracy and reliability of the information and systems over their lifecycle
Database vs. Spreadsheet
A database is more powerful and flexible:
• Stores more data
• Enables looking at data in different ways (queries, forms, reports)
• Enables greater data handling (filtering, sorting, formatting)
A database is also more complex and structured, and requires more detailed knowledge.
The crowd: ox weight example
At a fair, there was a contest to guess the weight of an ox, and a statistician compiled all the answers of the guessers. The result came to 1,197 when the actual weight was 1,198, so the crowd was able to produce a near-perfect answer. This example shows how the crowd is a vital part of the success of a business, because it can give the business the right advice or critiques to make it more successful.
What are the four criteria to make crowd-based estimation effective?
Independence, diversity, decentralization, aggregation
What is monitoring and anomaly detection?
Intrusion detection (flagged account after numerous failed login attempts); intrusion prevention (blocked access to critical system from international IP addresses)
What are the conventional approaches to security?
MFA, monitoring, software updates
What is the role of good management in companies of the future?
Managers provide "social skills" of coordination, negotiation, persuasion, and social perceptiveness; how to lead today: egalitarianism and transparency of information
Availability
Refers to the ability for authorized parties to access data and systems when necessary
What is the relationship between transaction cost economics and self-organizing?
TCE suggests that the hierarchical model might be more expensive than the market model, given the way that technology decreases transaction costs. Self-organizing models suggest that the hierarchical model might be too expensive, given that there are ways to organize production/labor that require very little capital. Both state why the hierarchical model isn't the best fit, just in different terms and in relation to other things.
What is a foreign key?
The foreign key in one table is always the primary key in another table
What is continuity planning?
The tactical plan for quickly resuming a firm's business operations after a catastrophe; it relies on backup sites
When and why outsiders can be more effective than experts
When things become extremely complex, look to the outsiders. Many problems, opportunities, and projects benefit from different perspectives, people, and teams; the crowd is valuable, in large part, because it's massively marginal: it contains huge numbers of people who are some combination of smart, well-trained, experienced, tenacious, and motivated
What is the relationship between security controls and security frameworks?
A security framework is the overall security "plan" of an organization and is made up of various security controls that are designed to provide a balance of functions.
Technical controls
authentication, encryption, firewalls, biometrics, etc.
The core
dominant organizations, institutions, groups, and processes of the pre-internet era
What are different ways to organize the crowd?
formal hierarchies, markets, self-organizing structures (Wikipedia), openness, noncredentialism (degrees don't matter), verifiable and reversible contributions, clear outcomes, leadership
diversity
it is important to have a diverse set of guesses
Physical controls
locks, monitoring, mantraps, environmental controls
the crowd
new participants and practices enabled by the net and its attendant technologies
Administrative Controls
policies, standards, procedures, guidelines, personnel screening, training
What is multi-factor authentication (MFA)?
something you know (password), something you have (ATM card), something you are (fingerprint)
Confidentiality
the property that information is not disclosed or otherwise made available to unauthorized individuals, entities, or processes; not the same as privacy, but a component of privacy that is specific to unauthorized viewers
independence
the various guesses must be independent of one another; each person must guess without knowledge of what other people have guessed
aggregation
there must be some way of aggregating the guesses into a single collective guess